How to set Full Trust to installation folder without SDK 2.0

[Mike Bernstein]

I have produced an Outlook Add-in, which I need to install on another stand
alone PC. As it is, I have to pre-install NET Framework 2.0, the Office
Interop Assemblies and the VS Tools for Office runtimes. The problem is that
I also have to set the security on the installation folder to 'Full Trust',
otherwise the Add-in will not load.
How can one set 'Full Trust' security to an 'Outlook Add-in' installation
folder, on a stand alone PC, without having also to install the NET
Framework 2.0 SDK?

Mike Bernstein

 

[rkozlin]

I believe it has something to do with creating a security policy deployment
package from the .NET 2.0 Config utility. I have yet to test this on another
machine, but I believe after you set up the policy/s needed on the dev
machine you use this feature to create a MSI that will install the policy on
the target machine.

The problem I see right now is that the utility only seems to allow you to
store the Enterprise, Machine, or User sections whereas you may only wish to
store the policy for a specific app. Are we supposed to blow away the other
app policies on the dev machine so we only have the current working app there
for the deployment package? MS should think of a better/easier/more sensible
way to do this, or create a security policy configuration tool that is easier
to figure out. If I am missing something here, someone please enlighten me.

Thanks

 

[Mike Bernstein]

I have been looking at this. The deployment MSI produced by the Config
utility did not work for me. I have now turned to the command line tool
Caspol. This seems to be installed with the Framework, thus the SDK is not
needed. I have also found that Caspol works if the appropriate line is saved
as a batch file. I agree with you that the whole system is ridiculously
complicated when all you want to do is create an install package for a
simple Outlook Add-in. Instead of one install package, three are needed to
install the Add-in and that has to be followed by a batch file to set the
security.

Mike Bernstein

 

[rkozlin]

The deployment MSI produced by the Config utility did not work for me either.
Thank you for sending me in the right direction again though. Using a batch
file with Caspol worked for my machine and every test PC I have installed
this on so far.

With the way we push out software this will be workable - though ugly - and
so I am calling it done unless problems occur during testing. If you needed
to make this into an easily installable package for 3rd party users, this
would be quite the headache.

 

[oded55]

Hi Mike,

can you post an example to that batch file? i think i have the same
problem with a PowerPoint add in,

thank you.

 

[Mike Bernstein]

The main lines below. You will need to change the second line for your
setup.

cd "%windir%\Microsoft.NET\Framework\v2.0.50727
caspol -u -q -ag All_Code -url "C:\Program Files\ChemLaw UK\Outlook
Multimail\*" FullTrust -n "Outlook Multimail"

You can also add -d <description> to the second line if you want.

Mike Bernstein

 

[S.Creek]

Hi Mike,

thanks for your post
unfortunately even after doing that and getting a success message from
CasPool, i still unable to see my addin in the PowerPoint App,

any other ideas of where i should look for?, i am getting kind of
desperate on this, and consider moving back to .Net 1.1

thanks

 

[S.Creek]

Is PowerPoint different then Outlook for that manner? i followed
everything you guys mentioned here, but no luck, any ideas?

 

[Mike Bernstein]

Sorry but my only venture into add-ins so far has been the Outlook add-in
and this was created using the Outlook add-in template in VS 2005 Tools for
Office. It took me a few days to discover the security problem with mine and
cannot claim to be even a beginner expert.

Something else that may or may not be of some help. There was one
significant difference between your problem and mine: In my case, the add-in
would only load from within VS, thus it would not load when installed
outside of VS on the same PC; In your case, I think, the add-in loads OK
outside of VS on the same machine. Could it be that in your case, the code
itself has to be signed (digital certificate) for it to run on any PC other
than the developer one?

Mike Bernstein